Presentations

Presentation and speaker details for BSidesSATX 2018 speaking tracks. See here for a visual schedule.

in the weeds - Moody Life sciences center 101

9:00 - Attacking Authentication in Web Applications - Jake Miller Abstract:Broken authentication is an ongoing issue, identified in the OWASP Top 10 2013 and 2017 (A2 in both). While broken authentication can span multiple topics, this presentation focuses mainly on attacking single factor authentication using usernames and passwords, however other authentication/authorization flaws will be touched on. Methods and techniques will be discussed to perform reconnaissance/scanning, username enumeration, account lockout bypass, various password attacks, and more.Speaker Bio:Jake is a penetration tester for Jacobs Engineering Group, primarily focusing on web application security. Prior to penetration testing, he was a Security Controls Assessor, a SOC analyst, and a Navy Submariner. He blogs about security on https://laconicwolf.com, writes a fair amount of Python and PowerShell code on https://github.com/laconicwolf, and occasionally tweets (@laconicwolf). Aside from security and coding, he enjoys spending time with his family and participating in ultra-running and obstacle races.

10:00 - Another name for Intel: Honeypots- Kat Fitzgerald Abstract:Gathering Threat Intelligence is an art. Using it to your advantage is magic. Do you even know what your real security profile is and who or what is attacking you? Vulnerability scans are great, but are you really vulnerable? Using OSS across honeypots , VPS's and even Raspberry Pis, none of which requires rocket-science-like technical skills to deploy, allow you to see the profile of those who might be attacking you. Gathering real Threat Intel, in a live environment, directed at your systems and using the data to be more secure! Speaker Bio:Based in Chicago and a natural creature of winter, you can typically find her sipping Casa Noble Anejo whilst simultaneously defending her computer networks using OSS, magic spells and Dancing Flamingos against a barrage of attackers. Honeypots are a favorite tool of hers because, well, you know - they are fun.

11:00 - GSuite Digital Forensics and Incident Response - Megan Roddie Abstract:With the current standard of companies transitioning to the cloud, digital forensic investigators and incident responders are facing new, unknown territory. As a starting point of talking about cloud DFIR, this talk aims to provide a real-life case study of what it is like to respond to an incident in GSuite, Google’s cloud business suite. The goal is that by reviewing this case study the audience will not only learn about GSuite DFIR but also begin to think about how this extends to all cloud environments.Speaker Bio:Megan Roddie is a security analyst with Recon InfoSec. With previous experience in the public sector and a current position in the private sector, she has a variety of experience in different types of environments. With a love for public speaking, she has spoken at DEFCON, BSides Dallas, SOURCEConf, and various other conferences. Megan recently graduated with a Master’s degree in Digital Forensics and holds GCIH and GCFA certifications. ​

13:00 - Achieving Advanced Security User Cases by Integrating Key Security Solutions with a Vulnerability Management System - Gunner Clary, Danny SantanderAbstract:In order to solve many advanced information security use cases, one must correlate historical vulnerability scanning information alongside information garnered from other security technologies such as SIEMs, Ticketing, IDS/IPS, NAC, Deception technologies, and many others. However, to best achieve these use cases, a difficult correlation challenge related to normal IT changes across time, must be overcome. This session covers three specific advanced security use cases achieved by integrating vulnerability management, with other security technologies. The session includes a demonstration of use case related to an incident response program, and solved by a security technology.Speaker Bio:Gunner Clary: A graduate from The University of Texas at San Antonio with a degree in computer science. Currently working as an API integrations developer for Digital Defense Inc.Danny Santander: From Tucson, Arizona. This is my first year at Digital Defense after a four month internship working on web development for their Enterprise Risk Assessment tool. Currently signed onto their Integrations Team as a Software Engineer.

14:00 - Cryptojacking Servers: The Intersection of poor patch management and ICO's - Chuck McAuleyAbstract:In this talk we'll take you through some exploits that have been used to drop cryptocoin mining applications, attribution to mining pools and private wallets, and the potential dollar values raked in so far by each campaign. You'll also take away key indicators that you can use to find cryptojacking in your network.Speaker Bio: I hack things at Keysight/Ixia. Previously I've worked for BreakingPoint Systems, Spirent Communications, and Imperfect Networks. I hide in a cave in Massachusetts near New Hampshire. I like to talk about security stuff that I find at work and spare time.

15:00 - Securing the Future of TLS: What's new in TLS 1.3 - Carl MehnerAbstract:TLS has had many changes and updates throughout the years, TLS 1.3 is a major milestone in the series of TLS protocols. Come hear what's changed in TLS 1.3 and how the protocol was designed with security front of mind.Speaker Bio:Carl is an information security professional who has been working in the PKI space for the past 8 years and most recently named, a contributor to the TLS 1.3 protocol.

16:00 - PowerShell Exploitation, PowerSploit, Bloodhound, PowerShellMafia, Obfuscation, PowerShell Empire, the Empire has fallen, you CAN detect PowerShell exploitation- Michael Gough Abstract:PowerShell is all the rage for the Red Team and the criminals. There are many tools or frameworks now available to Pentesters and the criminal elements. Utilizing PowerShell in attacks and exploit systems without requiring the addition of malicious binaries, rather live of the land and use the built-in Windows PowerShell functionality to get the job done is the Red Teams goal, so what about the Blue Team?Speaker Bio:Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael is also blogs on HackerHurricane.com on various InfoSec topics. Michael also is co-host of the “Brakeing Down Incident Response” BDIR Podcast to education on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.

in the beginning - moody LIFE SCIENCES CENTER 102

09:00 -RoCET: The Remote Code Execution Tool for the Web - andr01dAbstract:During a VulnHub challenge, I developed a tool to give a simple shell if you can execute commands through the URL and curl it to HTMLSpeaker Bio:I am a student at UTSA on the Red Team interested in Red Teaming

09:30 - Dropbots: Command & Control using Cloud Storage - Mitchell MoserAbstract:Command & Control infrastructure is commonly thought of as spun-up servers using known 'bad' or newly established domains and IP addresses. But what if the adversary uses common cloud storage services for the same purposes? We'll look at some real-world examples of APTs using this technique in the wild. We'll demo an open source tool that uses Dropbox as a Command & Control server and observe the network activity associated with this communication.Speaker Bio:Mitchell is a recent graduate from UTSA double-majoring in Cyber Security and Information Systems. Prior to graduating, he was part of Frost Bank's Security Monitoring & Incident Response team and Captain of UTSA's CCDC Red Team. He is currently a part of the Incident Response team at ReliaQuest with an interest in offensive security.​

10:00 - Internet 101: How Alice Talks to Bob - MilkmanAbstract:This is a broad reaching presentation on how computers communicate with each other via IPv4. It covers many networking topics at a relatively high level, with the option of diving deep should the audience ask questions.Speaker Bio:Milkman has spent many years working on network systems and protocols in his paying world. When he brought his son to BSides San Antonio 2017 and as they worked on the CTF, his son asked "why do they keep talking about 65,000 ports?" That's when he realized a basic introduction to networking could be valuable.

11:00 - IDS Configuration for Beginners - Nick LeghornAbstract:Whether you're securing your home network or a corporate campus an Intrusion Detection Sensor (IDS) is a great tool to detect and identify threats on your network such as brute force attacks, malware infections, and active intrusions by malicious actors. In this talk we will discuss where to place your IDS for maximum effectiveness, a brief discussion of some IDS solutions on the market, and walk through a basic IDS configuration live on stage.Speaker Bio:Nick graduated from Penn State in 2010 where he studied cyber security risk analysis. He spent some time working for the Department of Homeland Security studying the risk posed to the United States by terrorist activities, moving to San Antonio in 2012 to start working at Rackspace Hosting in the Network Security department. While working at Rackspace Hosting Nick designed and configured Intrusion Detection Sensor (IDS) solutions for hundreds of customers, including helping with the incident response and analysis of alerts generated by those devices. Since leaving Rackspace Hosting, Nick has been working for numerous other companies in the local area tasked with designing and implementing an IDS solution to monitor traffic for hosted and local environments looking for attacks and other signs of compromise. Nick last presented his talk titled ""Risk Analysis for Dummies"" at The Last Hope in New York City in July of 2010.

13:00 - Fiddling with Flash Drive Forensics - Alexander KlepalAbstract:"It always makes me nervous when you ask questions in class, Alex... Your brain is more evil than mine." -Dr. Beebe, Digital Forensics ProfessorOne day in class, we were discussing the list of USB drives plugged into a Windows machine showing in the registry and it was said they can be used as evidence a drive has been inserted into this machine, but the lack of a key isn't evidence of it NOT having been plugged in (You can always delete the key). I asked ""can I export a key from one computer pertaining to a drive and just plant it by importing it?"" and this presentation was born.Speaker Bio:Alexander Klepal is a student in pursuit of a Bachelor of Business Administration (BBA) focused in Cybersecurity from The University of Texas at San Antonio. As a nationally ranked Penetration Tester (2nd in CIAS Cyber Panoply Fall 2016), regionally ranked CCDC Competitor (2nd at SWCCDC Spring 2017), and President of the UTSA Computer Security Association, his hobbies include study of cybersecurity, leisurely playing video games, and puns. Lots of puns.

14:00 - Containers: No, Not Your Mama's Tupperware - Ell MarquezAbstract:The technical community is all a buzz about containers but does anyone really know what they are? We will take the journey together , learning about the evolution of containerization technology. Understanding virtualization, Linux containers, and then moving on to cover the basics of Docker and Kubernetes.Speaker Bio:Ell has been part of the Rackspace family for three years as a Linux Administrator and OpenStack Technical Trainer. In this time she has developed a strong passion for education, mentorship and helping breakdown the barriers keeping new blood from our industry.

15:00 - Everything Old is New Again - Cindy JonesAbstract:Discussions and demonstrations surrounding how the same issues we saw as an industry 5, and even 10 years ago, are still the major factors when it comes to securing an organization and how an organization can take steps to protect themselves in the current climate.​Speaker Bio:Cindy Jones (CISSP) brings over 25 years of specialized IT & security experience, working as an Information Assurance Manager, Security Program Development Manager, and several other security roles. Cindy has worked in multiple industries, including federal, education, technology & healthcare. She has a background in development, maintenance & management of information security programs, which include compliance with federal privacy laws, DIACAP, HIPAA, and FedRAMP. Cindy has experience with security models of people, process, and technology, from blueprinting to execution. She has presented security models to the Air Force Chiefs of Staff. Cindy volunteers her time within the information security community as a member of senior staff for Security BSides Las Vegas as well as volunteering for DerbyCon and DEF CON. She speaks at multiple conferences during the course of the year, including various regional Security BSides events, CircleCityCon, and the IEEE Women In Engineering Forum.

16:00 - Adventures in Open Source Security Software -​Jordan WrightAbstract:These past few years have seen a significant increase in the number of available open source security tools. Many of these tools are actively maintained and have strong communities dedicated to their use, making impactful security software available to everyone.Getting involved in the open source community can seem daunting, but it is incredibly rewarding. This talk will guide attendees on how to get involved in the open source security community, using lessons learned from popular open source security tools to demonstrate how to most effectively contribute to security tool development as a user, a contributor, and a maintainer.Speaker Bio:Jordan Wright is a Principal R&D Engineer at Duo Security as a part of the Duo Labs team. He has experience on both the offensive and defensive side of infosec. He is the creator and maintainer of Gophish, a popular open-source phishing framework. He enjoys contributing to open-source software and performing security research.​

in the clouds - Garni science hall 107

09:00 - 10 Steps to a Sound Cyber Security Program - Heath C RenfrowAbstract:There is a proliferation of cyberattacks that has caused and continues to cause increasing damage to government entities, companies, and individuals alike. Organizations must take the cyber threats serious and adopt strict cybersecurity measures to counter those threats. In order for organizations to shore up their cyber defenses and go from a reactive cyber posture to a proactive posture, these ten steps should be taken: Step One - Executive Leadership InvolvementStep Two - Follow a Cyber Security FrameworkStep Three - Architecture DesignStep Four - Asset InventoryStep Five - Frequent Risk AssessmentsStep Six - Cyber Awareness ProgramStep Seven - Threat IntelligenceStep Eight - Automatic Patching SolutionStep Nine - Mitigation ControlsStep Ten - Third Party Risk ManagementSpeaker Bio:Mr. Heath Renfrow has served the Chief Information Security Officer for multiple global organizations, and most recently as the CISO for United States Army Medicine, where he was awarded the 2017 Global CISO of the year by EC-COUNCIL, the largest cyber training body in the world. Mr. Renfrow has 19 years of global cyber security professional experience, and is considered one of the leading cyber experts in the world. He holds Bachelors in Science in Information Technology and a Master’s of Science in Cyber Studies. He also serves on the following boards: National Cyberwatch Center Foundation, University of Indiana Cyber Advisory Council, and Cyber Patriot Program Advisory Council.

10:00 - Does Patch Tuesday Really Matter Anymore? AKA: "Screw Patch Tuesday!" -Duncan McAlynnAbstract:In this session, 6x Microsoft MVP, Duncan McAlynn, completely destroys the "Patch Tuesday" concept! With over 15 years of patch management experience, consulting some of the largest corporations in the world, Duncan has learned what works and what doesn't and why the current status quo isn't cutting it. Join the session to learn best practices from the field and why cyber events like WannaCry and NotPetya never should have occurred and how to prevent the next major outbreak. Speaker Bio:Duncan McAlynn is an award-winning InfoSec professional with 20yrs experience consulting Fortune 500s on enterprise management & security posturing. He is a published author, editor, industry columnist public presenter and has obtained a number of certifications and awards over his 20yr career, including MS-MVP, MCITP, MCSE, Security+ & the coveted CISSP. Duncan is also an active member in his local ISSA, ISACA & InfraGard chapters. His community project is helping small business owners work through the challenges of cybersecurity. And, most recently, he has successfully completed a comprehensive Harvard University Cybersecurity Risk Management program.

11:00 - Exposed: Getting Control of Your Vendors Before They Expose You - Dan BrowderAbstract:With cloud services now a normal part of business how does your organization handle being at fault when one of your third parties is breached? Properly vetting vendors and third parties is increasingly important to minimize the likelihood of that happening. We’ll explore the current and future state of third party risk management including: how to squeeze vendors for information they might not want to give you, what to do if you are the service provider getting questions, and how to plan for a breach of your information from a third party.Speaker Bio:Dan has been traversing tracts of technology for over 20 years. After dabbling in diversions from graphic design to development, Dan found himself a professional policy paper pusher. Aside from alliteration, Dan enjoys spending time with his family, building & breaking things – digital and physical, and operating a small shop selling stickers to suckers.

13:00 - Tactics, Techniques, and Procedures: Building and Running a Blue Team from Scratch - Abhishek TripathiAbstract:It has always been a challenge to detect threat actors, and this presentation will reveal a scalable security monitoring function empowered by open source knowledge repositories and tools. Together, we’ll explore the initial no-cost steps to start regaining the initiative via security monitoring including: log gathering, finding and identifying gaps detection, and testing of detection capabilities.Speaker Bio:Abhishek Tripathi is a Senior consultant at EY in their Cyber Threat Management practice. He has over two years of experience in designing and operationalizing Security Operation Centers across the globe. He has his MS in Computer Science from Syracuse University, NY.

14:00 - Credential Stealing Emails - What you need to know- Michael GoughAbstract:The latest vector in email attacks is credential stealing. This is nothing new, but there has been a serious increase of activity in this space and it is VERY successful. Why? Because they criminals are manning the phishing campaigns with live people who are logging into people’s Internet facing systems without 2-Factor Authentication and sending out more campaigns. Better yet, they are sending it to recent contacts, in small amounts so people are falling for it since they are actively, or have recently communicated with the victim giving the phishing campaign legitimacy.Speaker Bio:Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael is also blogs on HackerHurricane.com on various InfoSec topics. Michael also is co-host of the “Brakeing Down Incident Response” BDIR Podcast to education on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.

15:00 - The SIEMpsons - James "Iv0ryW0lf" BoydAbstract:SIEMs are instrumental in most large organizations. Most cyber defenders are at the mercy of the vendor to create parsers or connectors to work with the SIEM. What if there was another way and you had the knowledge to at least try? This will cover creating your own solutions to get data needed. Traditional and non Traditional data sources will be explored.Speaker Bio:Since the age of 13, Iv0ryW0lf has been hacking. He started with making his C-64 do things it wasn't supposed to do, replace little flipping guys with Mario in the game Kung-Fu Master using a hex editor. He is a retired USAF MSgt. Currently he works for Lumenate in the managed services division, assisting customers with their daily security issues.​

16:00 - Zero to Hero: A Red Team's Journey - Robert Neel, David ThompsonAbstract:This talk will be about our multi-year journey to full Red Team Operations. We will address our biggest hurdles, successes, lessons learned, and our RT wins all while working in an ultra-risk avoidance environment. We will also share examples from each phase of our progression and give examples of how we have been “purple teaming” since before the phrase was coined.Speaker Bio:Robert Neel has fourteen years experience as a system/network administrator and security consultant/engineer/analyst in the private sector. He is currently employed by a large financial institution where he established the Red Team and continues to lead it. In addition, he has seven years experience in the government sector where he performed Vulnerability Analysis and Exploitation for the NSA. He has experience with twenty-three programming languages and has written complex programs for both Offense and Defense in fifteen of those languages. Robert is also the founder of PENConsultants.com. When he is not Red Teaming, Robert loves to spend time with his wife and two children. They enjoy traveling, going to theme parks, and building their dream house together. David Thompson has 13 years experience in the security field. He is currently employed by a large financial institution where he leads the New Detective Capabilities Team and is an active member of the Red Team. He started his security road trip in the Air Force doing Vulnerability Assessments for the Air Force Blue Team and working Active Hunt Ops at NSA (OIF x2). He then took a Pen Tester position with Johns Hopkins Applied Physics Lab working on Space Systems and other DoD projects. Wanting to get back to TX, he took a Pen Tester job with the Air Force Blue Team (Threat Emulation Cell) working on Space, Aircraft and other Weapon Systems. When not on the keyboard, he loves spending time with his wife and three girls. They enjoy RVing, fishing, hunting and playing sports.​

in the thick of it - University center Conference Room D

09:00 - 10 Things Every Job Seeker Should Know- Kathleen SmithAbstract:Career search is not taught in school. So how do you learn the tips and tricks of a successful career search? Having spent 18 years in recruitment marketing, Kathleen Smith has seen both sides of the career search from the job seeker and recruiter viewpoints and she will be sharing the 10 things that job seekers will want to better understand in their career search. Speaker Bio:Kathleen Smith, CyberSecJobs.Com/ClearedJobs.Net

10:00 - Community Based Career Development - Kathleen Smith, Cindy JonesAbstract:Career development is typically seen as a progression of education, certification and job moves. However, to progress in our careers it is helpful to build both technical and non-technical skills in different environments to challenge us and give us the opportunity to learn. Community involvement strengthens not only the overall community but provides opportunities to stretch and learn new skills that support personal growth. We will review presenting, con management and competitions as ways to strengthen your career. This frank discussion by two community volunteers will outline how to evaluate these experiences and recommendations on presenting this information in your job search. Finally, we will address burnout, exhaustion and how not to burn bridges. Speaker Bio:Kathleen Smith, CyberSecJobs.Com/ClearedJobs.Net and Cindy Jones, Rapid7

11:00 - Are you pwning or being pwned? - Irma Symonds, Bill Branstetter, KJ Howell - Kathleen Smith ModeratingAbstract:It is a full-time job finding your next job, but we all don’t have that time to spare in our lives. According to the Department of Labor, most professionals will have at least 15 jobs in their lifetime, and in our community, that number is almost double. You may think you have a handle on finding your next job but what really goes on in recruiting and hiring may surprise you. What are tools and strategies to always have on hand so that you can succeed rather than fail. Hear from a panel of recruiters on what they recommend job seekers do to stay in the game. Speaker Bio:Irma Symonds, Bill Branstetter, KJ Howell - Kathleen Smith Moderating

13:00 - Strengthen Your SecOps Team by Leveraging Neurodiversity - Megan RoddieAbstract:High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community.Individuals in the high functioning autistic community are often overlooked for job positions due to their social disabilities which makes them perform poorly in an interview and in their interactions with other people. However, if you look past their awkward behavior and social struggles, you will find these individuals are perfectly suited for roles in the information security industry.This talk aims to show the listeners that, as many tech companies have found, the HFA community is ripe with individuals who could be the best of the best in the security industry if given the chance. The audience will realize that a small investment in time, understanding, and acceptance can result in the addition of an invaluable member to a Security Operations team.Speaker Bio:Megan Roddie is a security analyst with Recon InfoSec. With previous experience in the public sector and a current position in the private sector, she has a variety of experience in different types of environments. With a love for public speaking, she has spoken at DEFCON, BSides Dallas, SOURCEConf, and various other conferences. Megan recently graduated with a Master’s degree in Digital Forensics and holds GCIH and GCFA certifications.

14:00 - Get An Internship!- Paul Guido, Sonny Montiel, Michael Davis, Adrian Clayton, Benjamin Richard, Emily EhlingAbstract:Come and find out what businesses are looking at when they fill an intern position. What can prospective interns do to put their best resume forward? Are you ready for the interview? Do you volunteer, mentor or coach others, if not, why not? We will have a panel of IT business professionals and interns available to discuss an intern program in place at a local regional bank.What can other organizations do to support a similar intern program? What should interns expect from the employer and what do employers expect from the interns?Keywords: Interns, Internship, MentoringSpeaker Bio:Michael Davis, Sonny Montiel, and Paul Guido all work for a local regional bank that recently hosted three interns, Adrian Clayton from the Open Cloud Academy, plus Benjamin Richard and Emily Ehling, students at UTSA.​